I know you specifically asked for non-US back up solutions, but I honestly don’t think you can beat Backblaze’s personal tier, as far as pricing. $99 per year for unlimited storage. Solid company, I’ve been using them for years. If you are encrypting your backups, and following the 3,2,1 back up schema, should Uncle Sam grab your backup, it’s pretty much useless and you still have a couple backups in hand. You can encrypt with VeraCrypt or similar, and push that up the pipe to BackBlaze.

The caveats to using BackBlaze are, whatever you are backing up, has to be connected to the PC/Server. So, no NAS although someone here mentioned a work around for that, so if you go the BackBlaze, make sure you ask here what that option is because my frail brain cannot remember what the name of it was, but apparently it works well. Other such options would be rclone, Mountain Duck, ExpanDrive, or odrive. These are unofficial softwares, and can/could lead to termination of your account. Secondly, if you’re pushing aver 10 TB to BackBlaze and you need to restore, 10 TB is going to be a bitch to do online. However, you can ‘rent’ a HDD from BackBlaze. They’ll mail it to you, you restore your data, and send the drive back for a full refund, or keep it should you wish.

I receive no compensation from BackBlaze for this recommendation.

This. Assuming you are following the 3,2,1 schema, if the big, bad American boogie man gets it, it will be encrypted (useless), and backed up elsewhere.

Music has always been entertaining, informative, controversial, and political. One only has to look at 60s and 70s music. Very politically charged. Hendrix, Dylan, RATM, et al. So, I don’t require artists and musicians to quell their political core beliefs in their songs. However, when their political core beliefs, coupled with just being an outright asshole, overshadows the enjoyment of their music, I tend to turn a deaf ear. Kid Rock plays well with the redneck crowd, so there’s that.

See, I understand that when using 1.1.1 or 1.0.0.1, Cloudflare will assign different IP’s to use as it deems necessary. That was not the issue. The issue was the VPN was reporting several different IP’s, same IP block owned by the VPN (first three octets were the same), but different ending octets. That has never occurred in the years I’ve been using a VPN and checking every morning. So that is what caused the heartburn. I am running the VPN on my pFsense box.

The issue is that I know what I know, and that’s it. LOL I’ve had a computer in front of me since the mid 70s, but don’t equate longevity with knowledge. I am self taught in most everything I do whether in real life or digital life. So when something pops up that’s different to your regularly scheduled program, it cause anxiety. Since I am not a real IT professional, solving the issue can sometimes be tedious.

I am, however, a bit sensitive to the word ‘paranoia’. It’s not paranoia to check yourself before you start the day. It takes less than thirty seconds to validate dns leak checks while I’m sipping my coffee. Also, if it wasn’t a habit every morning to check, I probably would have been clueless to the situation. It could have been leaking and I would have never known it.

's-aright. I appreciate greatly, everyone’s willingness to help and give their input. No harm - no foul.

I wished they’d create a MobaXterm for Linux.

But the outcome is the same: you have no control over this behaviour.

Yes, I totally understand that. It seemed suspicious to me because it had never happened to me before. (I have bookmarked a few articles about this 'Round Robin to read this evening) Like I said, This check gets done every morning, and has been a ‘ritual’ for years, and I have had the same VPN provider for years. So, that is what triggered my anxiety. I appreciate what everyone else has said, and I bow to greater knowledge bases than I possess. At the very least, TIL. So it’s been a good day 'tater.

this should be checked once

The way I see it is, we have three options:

• Always trust, never verify
• Trust but verify
• Never trust, always verify

640K ought to be enough for anybody.

At some point a drive can get TOO big

I was thinking the same. I would hate to toast a 140 TB drive. I think I’d just sit right down and cry. I’ll stick with my 10 TB drives.

selfhosters have at least one loose screw.

I have a box of them, right next to my box of strings too short to use.

Am I missing anything here or is this how I’m supposed to be doing it?

AFA fail2ban, I always set up the jails in aggressive mode:

[sshd]
mode = aggressive
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5 <---edit to tastes
bantime = 3600 <---edit to tastes
findtime = 600 <---edit to tastes

You might want to check out Crowdsec, maybe deploy Tailscale as an overlay. How many users are you providing services for? If just yourself, I use the host allow / host deny feature in Linux. Just make sure you do host allow first, lol.

I’ll have to accept a higher knowledge base than mine, but I check this every morning, and for years they have been the same across different leakcheck sites.

They have always been the same, now for years.

Hmmmm I seem to be unable to explain.

Ok. Fire up the VPN.

Do, 4 different, simultaneous, leak checks from multiple sites like Browser Leaks, dnscheck.tools, etc.

As in the picture, under ‘Your IP’. Results:

• https://dnsleaktest.com/: xxx.xxx.xxx.123
• https://browserleaks.com/dns: xxx.xxx.xxx.131
• https://dnscheck.tools/: xxx.xxx.xxx.125
• https://ipleak.net/: xxx.xxx.xxx.122

Whereas xxx.xxx.xxx stayed the same, but the last set in the sequence was different in every test. The IP block (xxx.xxx.xxx.) was the same, just the last three digits were different in 4 different, simultaneous, tests. I realize VPN IPs change and so do Cloudflare IPs change. What I am saying is tho the IP block was the same (owned by the VPN), just the last three digits were different, even when I changed locales in my VPN.

I hope that explains what I’m trying to say.

Maybe a picture will help. This one is from Browserleaks:

Where the IP is listed at the top of the page. All the last numbers in the IP sequence were different. Same block, still piped through Cloudflare tho.

Each different DNS leak test sites (multiple), were different, yet the same IP block. I don’t view it as paranoia. When you fire up your VPN, even though you have specified a certain locale, say Mexico, you still get different IPs each time you start your VPN, at least I do.

Example: 4.4.4.5, 4.4.4.6, 4.4.4.15

Same block, different IPs reported.

There are a lot of server monitoring softwares out there, but Netdata gives you just about every metric I’d ever want to look at. Can be deployed using Docker (https://learn.netdata.cloud/docs/netdata-agent/installation/docker).

The one thing I do when linking to Netdata in whatever dashboard you are running, I use the v3 switch at the end of the url thusly:

https://netdata.mycoolserver.com/v3

That way you don’t have to log in to the mother ship to view your metrics.

ETA: mobile app available

Welcome. Good to meet you.

I think when I said open port 22, I was giving an illustration of the hordes of bots that will show up at your doorstep. Best practice is to use ssh keys and rotate them.